Bug 3482 - Logout of guest/anonymous users not reflected in wtmp
Summary: Logout of guest/anonymous users not reflected in wtmp
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd
Version: 5.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
: 3483 3925 4124 4610 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-06-15 16:31 UTC by Chris Rode
Modified: 2008-05-01 15:37 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 1999-08-21 16:31:53 UTC
Embargoed:


Attachments (Terms of Use)

Description Chris Rode 1999-06-15 16:31:29 UTC
With wu-ftpd-2.5.0-0.5.2 update RPM, when a guest or
anonymous user logs out of the server, the logout is not
reflected in wtmp, so 'last' shows 'still logged in' for
these users.

Comment 1 Jeff Johnson 1999-06-15 18:49:59 UTC
*** Bug 3483 has been marked as a duplicate of this bug. ***

A couple days ago, I upgraded my wu-ftpd package to:
wu-ftpd-2.5.0-0.5.2

Now when I check my lastlog, using last -20 it shows ftp
connections
to
my box as still open: (example)

ftp      ftp          98A718CA.ipt.aol Sun Jun 13 16:16
still
logged in
ftp      ftp          98A718CA.ipt.aol Sun Jun 13 16:14
still
logged in
ftp      ftp          98A718CA.ipt.aol Sun Jun 13 16:14
still
logged in

However, looking at netstat, these connections are closed,
it
appears that the closure of these connections is not being
logged.

I thought I would pass this along, so that it can get
fixed.

Sincerely yours,

Christopher Martinsen
Systems Manager
Columbia Education Center

Comment 2 Jeff Johnson 1999-07-23 08:39:59 UTC
*** Bug 3925 has been marked as a duplicate of this bug. ***

I have not tested this extensively, but I have noticed
RH 6.0 (every update installed) wu-ftpd 2.5.0-2 not clearing
utmp/wtmp properly with anonymous ftp logins.  This can be
noticed best with 'last', where every single anon login is
'still logged in'.  Regular users work fine.  I have not
tested this extensively, but I guess the problem is quite
widespread.

I have changed GID 101 (console in my case) to 91 because
GID's above 100 are in general use by our company but I
don't think that affects anything since the group console
doesn't even own any files in our system..

Comment 3 Jeff Johnson 1999-08-21 15:28:59 UTC
*** Bug 4124 has been marked as a duplicate of this bug. ***

I run an anonftp server, and when I type `last' I see
entries that are still logged on till the last reboot on
July 19 (today is July 20).  On the other hand, who seems to
output correctly.

Here is an example I am doing right now (July 20, 1:30 PM)

$ last -R|grep "Jul 19"|grep still|tail
ftp      ftp          Mon Jul 19 12:22   still logged in
ftp      ftp          Mon Jul 19 12:21   still logged in
ftp      ftp          Mon Jul 19 12:21   still logged in
ftp      ftp          Mon Jul 19 12:20   still logged in
ftp      ftp          Mon Jul 19 12:19   still logged in
ftp      ftp          Mon Jul 19 12:08   still logged in
mw       pts/2        Mon Jul 19 12:07   still logged in
mw       pts/1        Mon Jul 19 12:03   still logged in
mw       pts/0        Mon Jul 19 12:03   still logged in
ftp      ftp          Mon Jul 19 12:02   still logged in


$ who
mw       pts/0    Jul 19 12:03
mw       pts/1    Jul 19 12:03
mw       pts/2    Jul 19 12:07 (:0)
mw       pts/3    Jul 19 14:39 (:0)

It seems `last' never notices when an ftp login happens:

In one xterm:
$ ncftp moni.msci.memphis.edu

In another xterm
$ last -1|less
ftp      ftp          moni.msci.memphi Tue Jul 20 13:43
still logged in

In the first xterm:
ncftp / > bye

In the second xterm

 last -1|less
ftp      ftp          moni.msci.memphi Tue Jul 20 13:43
still logged in

and this entry will stay there forever (until the next
reboot).

Thx

Mate

Mate Wierdl





------- Additional Comments From mw.memphis.edu  07/20/99 14:55 -------
make it

"last does not seem to notice when an anonftp logout happens"

Mate Wierdl

------- Additional Comments From johnsonm  08/02/99 12:24 -------
Changed component to wu-ftpd because at first glance I think it
might be a bug in the pamification of wu-ftpd.  I haven't looked
into it yet so I might be wrong...

------- Additional Comments From mw.memphis.edu  08/02/99 13:28 -------
Well, it seems that the command `who' does not note ftp logins at all.

While I am logged in via ftp and telnet, I run who in two different
ways:

$ who
mw       ttyp1    Aug  2 13:09 (wierdlmpc.msci.memphis.edu)
$ who /var/log/wtmp
mw       ttyp1    Aug  2 13:09 (wierdlmpc.msci.memphis.edu)
mw       ftpd31180 Aug  2 13:13 (wierdlmpc.msci.memphis.edu)

The above certainly leaves it a mistery *what* file who checks for
login info; according to `man who', it checks the nonexisting
/etc/utmp file.

Now here is the problem: even after I logout from ftp, I see

$ who /var/log/wtmp
mw       ttyp1    Aug  2 13:09 (wierdlmpc.msci.memphis.edu)
mw       ftpd31180 Aug  2 13:13 (wierdlmpc.msci.memphis.edu)

Let me add I noticed this both on a 5.2 and a 6.0 system.


------- Additional Comments From johnsonm  08/02/99 16:44 -------
Additional report from pam-list, posted by Alex Yu:
> From: Gregory A Lundberg [lundberg+wuftpd]
> Sent: Monday, August 02, 1999 4:24 PM
> To: Alex Yu
> Cc: WUFTPD Development Group
> Subject: Re: FW: last and pam
>
>
> A Debian maintainer is claiming much the same.
>
> After having read the code, and thinking about the state of the
daemon at
> the various points, I see three possible solutions:
>
>  - live with it.  It's broken and cannot be fixed.
>
>  - use the -W command-line switch.  That will prevent any FTP
> sessions from
>    logging to wtmp.  At least you'll be keeping your wtmp file
clean.
>
>  - give me a few minutes and I'll rip the entire pile of crap from
the
>    source kit.  That way there's no support at all for wtmp
> logging.  Then,
>    when we rewrite the daemon, maybe we can put the functions back
in.
>
> As it is right now, I do not believe wtmp logging works correctly
> for guest
> or anonymous users.  I do not believe it is even possible to make it
work
> correctly.  So I'm recomending my third course of action as the
> solution to
> be incorporated in the 2.6.0.
>
> --
>
> Gregory A Lundberg              WU-FTPD Development Group
> 1441 Elmdale Drive              lundberg
> Kettering, OH 45409-1615 USA    1-800-809-2195


------- Additional Comments From johnsonm  08/03/99 11:27 -------
A patch is reported to be available at:
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/glibc.wtmp.patch

------- Additional Comments From johnsonm  08/03/99 12:37 -------
Mate reports in private email that the fix works for him.
Thanks, Mate!

Comment 4 Jeff Johnson 1999-08-21 15:29:59 UTC
*** Bug 4610 has been marked as a duplicate of this bug. ***

Versions not affected:

2.4.2b18-2.1 (RH 5.2?)
2.4.2vr17-3  (RH 6.0)

Versions affected:
2.5.0-2 (RH 6.0 updates)

how to duplicate.
1. enable anonymous ftp access.
2. login as anonymous
3. logout
4. type last -10
5. observe the output:
ftp ftp localhost LOGIN_DATE still logged in.

The "still logged in" shold not be there!

Comment 5 Jeff Johnson 1999-08-21 16:31:59 UTC
This is fixed by applying

ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/quickfixes/apply_to_2.5.0/glibc.wtmp.patch

in wu-ftpd-2.5.0-4 from Raw Hide. Thanks for the patch.


Note You need to log in before you can comment on or make changes to this bug.